Sunday, February 19, 2017

The ECS-CERT today announced that they had discovered a new
cybersecurity worm that specifically targets safety control systems. The
UNSICHER worm was found during an ECS-CERT investigation of a
control system incident at a chemical plant in the Midwest, according to Immanuel
C. Securitage, an ECS-CERT spokesman.

Securitage reported that an ECS-CERT team was called to the
facility when the safety systems started shutting down chemical manufacturing
systems operating under safe conditions. The investigators quickly isolated the
malware. Working with Robotron, the company that sells the SicherheitsKontrolle
safety control system, ECS-CERT was able to identify how the isolated safety
system was infected.

Erich Mielke, the Robotron spokesman, explained that the SicherheitsKontrolle
was a completely air-gapped safety system. Technicians from the company are the
only ones who are able to connect to the system, as they are the only ones who
have both the physical and software keys to access the FireWire port on the
system that is used for installing updates and patches.

Securitage reported that apparently the Robotron technician
who installed the latest update had picked up the worm on his laptop when he
plugged into an airport charging port en route to install the latest update. UNSICHER
was found on both the technician’s laptop and all of the Robotron systems that
he updated on that particular trip.

When the SicherheitsKontrolle system is infected, Mielke
explained, it attempts to establish a communication link with one of the
Robotron PLCs connected to the safety system, using the wireless communications
link Robotron uses to allow wireless connections to sensors used in the
process. Once the connection link between the normally isolated safety system
and the facility control system is made, the worm tries to establish a
communications link to a command and control computer under the control of the
attacker.

Securitage suggested that anyone using the Robotron PLCs as
part of a safety system lock out the wireless ports by setting the DIP switches
provided for that purpose, as the UNSICHER worm is able to bypass the software
locks on those ports.

ECS-CERT reports that there was no physical damage caused at
the facility where the worm was discovered, but that the company suffered
almost $1 million in losses due to lost production and rework disposal costs.

Wednesday, February 8, 2017

This afternoon the Federal Electronics Commission announced
that a $1.2 million fine was levied against Robotron, the German electronic control
system manufacturer, for the exfiltration and sale of manufacturing data from hundreds
of US companies. David Weeb, the FEC spokesman, reported that this is the first
fine the Commission has levied for industrial data exfiltration.

The FEC notice explained that Robotron had used its
MotorSteuerung software to collect data from electric motors in thousands of
facilities around the world. While the data collection was originally designed
to provide preventive maintenance information to customers, Robotron has
admitted that they have been selling the data to electric motor manufacturers
around the world.

Robotron President Erich Mielke said in a prepared statement
that Robotron had initially started using the data for marketing their variable
speed motors. When the Electric Motors Division was sold off as part of a
restructuring move three years ago, Robotron decided to start selling the data
to other electric motor manufacturers.

Mielke explained that the detailed performance data helped to
provide important sales leads and data to enable motor salespeople to make the
case for switching to more expensive variable speed motors.

This practice came to the FEC’s notice recently when a
terrorism investigation by the Federal Bureau of Inquiry discovered that
sophisticated knowledge of the operation of a motor in an HVAC system allowed
hackers from the Stasi Ehemalige hacking collective to start the recent fire in
a synagogue near Houston, TX.

Johnathan Quest, an FBI spokesman, told reporters that
Robotron was probably not the direct source of the information used by the Stasi
group. He said that the FBI believes that an insider at an unnamed electric
motor manufacturer with close ties to Stasi Ehemalige provided the Robotron
information to the group. The FBI hopes to make arrests soon in that case, in which
two people were killed and hundreds injured in the synagogue fire.

About Me

I spent 15 years in the US Army as an Infantry NCO. After getting out of the Army I started working in the chemical industry, getting my BSc Chemistry degree while working as a technician. I spent 12 years working as a process chemist in a specialty chemical company. Most recently I worked as a QA/R&D Manager in a specialty chemical manufacturing facility. Currently I am working as a freelance writer.